So, in a move that I can't currently understand, Trend Micro CEO Eva Chen has thrown out some buzz words claiming that they will move their anti-virus software into the cloud. Wait... she said what now? I'm not really sure what that actually means, because the article is very vague and missing a lot of implementation details, but this does NOT sound like a good thing from a security perspective.
You've gotta love buzz words though. They just start cropping up in every product pitch you can see. I can see it right now, I guarantee that I will have to have a discussion in the next month with a client about what I think about AV in the cloud. SO, without further ado, I provide a quick breakdown of the article and a summary of what I really think about cloud AV, and maybe a bit about what I think of cloud computing.
From the article:
"Chen, unsurprisingly, is convinced that cloud-client architecture, which Trend Micro has dubbed the Smart Protection Network, can bring down the shutters on pesky hackers."
Funny that statement, "unsurprisingly, is convinced... can bring down the shutters on pesky hackers"... cause I'm surprised. Since when did AVs bring the shutters down on pesky hackers? AVs (if they are good), may bring the shutters down on viruses, but by the time a virus signature is created, strategic hackers (the kind doing this professionally) are typically already gone. Further, if I remember with horror the presentation so deftly provided by Sowhat! at Black Hat Europe, AVs have actually LED to many attack points useful to hackers themselves.
Again from the article:
"The technology uses pattern comparison in the cloud and a client-side agent that is about 70 per cent smaller than Trend Micro’s previous offering. The firm's cloud databases will be updated within 15-30 minutes of new malware being identified, claimed Chen."
So, my thought here is, hang on... now that my AV is in the cloud, what happens if I don't have an Internet connection? Oops. Well, let's hope they think of that before this goes production. The article goes on to quote Chen as saying:
“We utilised our knowledge on the client-side to come out with a thin client that would minimize the need to send a file up to the cloud, we did not send any traffic there, the only thing that’s sent is a query so there’s no privacy issue because no [personal] information is being sent to the cloud.”
Ok, I'm throwing the giant red flag on this one. First, they are saying they have a thin client now (not a full blown client side application) that "minimizes the need to send a file up into the cloud". Next they say, "we did not send any traffic there, the only thing that's sent is a query"... wait, what? So, sometimes they send files, but apparently they don't send any traffic? Maybe she means that network traffic itself isn't thrown over to the cloud?
Finally, she says, "there's no privacy issues because no [personal] information is being sent to the cloud."
To which I say, you just said that you may send files into the cloud. Or queries containing file information. Um... I get a lot of files that I would consider personal. I would strongly suggest to Trend Micro you re-think this. I can tell you right now, I don't think there's any way that I could use this product.
The reports I write for clients are highly confidential... could you imagine my machine trying to send that data into the cloud for analysis?
So, you know, each time a new technology comes out, people just lose their minds over it. Everyone's gotta jump on board so they can use those buzz words. I actually think it's how some people stay in industry, by just making sure they're able to use those buzz words. I mean no disrespect to Eva Chen here, but AV in the cloud does not sound like a very good idea. I invite an AV company already implementing this, or considering implementing this to contact me with your thoughts.
Admittedly, the article about Trend Micro's innovation is very vague, so if I'm wrong, I'll be glad to retract, but right now, I like my AV just how it is, firmly not in the cloud. Actually, to be fair and honest, after watching Sowhat's Black Hat Europe talk, I like my AV just how it is, uninstalled.
I applaud Eva and Trend Micro for trying to innovate, something that the AV industry has needed for a long time now, but I think this is going the wrong direction.
Here's the thing with cloud computing, it has awesome potential for good, but it's really going to complicate some of our current thoughts on security as your company's data gets thrown into a giant data gumbo with everyone else's data. I feel pretty confident that we'll see a good amount of enterprising hackers enjoying that gumbo.